In a watershed moment for digital currencies, late last year the US Office of Foreign Assets Control (OFAC) added two digital wallet addresses to its Specially Designated Nationals list (SDN).
In a watershed moment for digital currencies, late last year the US Office of Foreign Assets Control (OFAC) added two digital wallet addresses to its Specially Designated Nationals list (SDN). The addresses are linked to two individuals suspected of an affiliation with the SamSam ransomware group. The city records of Chicago and Baltimore both fell victim to SamSam; both municipalities had their data locked down until a ransom was paid to the perpetrators in a digital currency. SamSam extracted over $6 million in Bitcoin from over 200 unlucky victims, crossing 40 exchanges. The first two addresses that were added to the SDN were 149w62rY42aZBox8fGcmqNsXUzSStKeq8C and 1AjZPMsnumpdK2Rv9KQNfMurTXinscVro9V; this puts the burden of awareness on any entity that falls under the jurisdiction of OFAC. If an organization identifies a touchpoint with these two wallet addresses, the transactions must be blocked and reported to OFAC.
As displayed above, a wallet address is a unique alphanumeric code associated with a software application designed to hold or transact in digital currency. All transactions are visible on the blockchain and allow investigators to track the destinations of the currencies until they are exchanged for fiat currency. In the case of SamSam, the two referenced Iranian nationals assisted in the conversion of Bitcoin into Iranian rial. The wallet allows the owner of digital currency to store and/or transact in a wide array of digital currencies. The currencies listed within OFAC’s announcement, in addition to Bitcoin, are Ethereum, Litecoin, NEO, Dash, Ripple, Iota, Monero and Petro.
The addition of digital currency wallet addresses to the SDN will immediately affect digital currency exchanges operating within the US and those internationally that have business relationships with US exchanges. In addition, it will also impact legacy financial institutions that have many different touchpoints with digital currency exchanges. The decision made by OFAC to publish digital currency wallet addresses to its list is a recognition by OFAC that digital currencies can be used by bad actors to carry out their business objectives, and that a formal tracking/reporting process needs to be sustained in order to facilitate wider digital currency adoption.
The idea that digital currencies are attractive to criminals is hardly news; one research paper linked up to 46% of Bitcoin transactions to illegal activity, a sum equal to $76 billion, or three quarters of the illicit drug trade in the continental United States.
When Bitcoin, the first successful digital currency, was released into circulation in 2009, there was a significant amount of negative media attention focused on its use in the Silk Road dark web marketplace. Users had the ability to purchase illegal narcotics, child pornography, and assassination contracts. Ten years into circulation, Bitcoin and competing digital currencies continue to be plagued by negative media in the form of ransomware. If it weren’t for the ability of digital currencies to seamlessly cross international borders without the involvement of third parties, ransomware would not be a viable business opportunity for bad actors. The fact that law enforcement and regulators have the ability to name the beneficiaries of the illicit proceeds by forensically examining transactions on the blockchain highlights the pseudonymous nature of digital currencies and is a true benefit to regulators when compared to the difficult if not impossible task of tracking fiat currency cash transactions.
Yet, there is a huge difference: while transactions in the form of physical banknotes are very difficult to trace, Blockchain preserves a complete, unalterable, distributed ledger of transactions that is nigh-on impossible to destroy or modify. Former Assistant US Attorney Kathryn Haun demonstrates how this technique was used to successfully identify, trace, prosecute and jail a Drug Enforcement Agency (DEA) Agent who had stolen cryptocurrency with a value (at the time) of $135,600,000 during the operation to dismantle the Silk Road dark market. In the process, the involvement of a US Secret Service Agent was also uncovered. Whether such a theft could be uncovered in so direct a manner were suitcases of cash involved, and whether anyone could physically make off with that many banknotes, is an interesting question.
OFAC’s decision to prohibit transactions with digital currency wallets linked to bad actors is yet another example of thoughtful regulation applied to the historically unwieldly world of digital currencies. This form of carefully applied regulation, in combination with sanction list management tools such as WLM, will see to it that digital currencies continue to distance themselves from the negative media of old.
Doug McCalmont is a Senior AML Solutions Consultant at BAE Systems